B. Issac,R. Chiong,S.M. Jacob

DOI: https://doi.org/10.48550/arXiv.1410.4672

2014-10-17

Abstract:One of the biggest problems with the Internet technology is the unwanted spam emails. The well disguised phishing email comes in as part of the spam and makes its entry into the inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various aspects of phishing attacks and draw on some possible defenses as countermeasures. We initially address the different forms of phishing attacks in theory, and then look at some examples of attacks in practice, along with their common defenses. We also highlight some recent statistical data on phishing scam to project the seriousness of the problem. Finally, some specific phishing countermeasures at both the user level and the organization level are listed, and a multi-layered anti-phishing proposal is presented to round up our studies.

Cryptography and Security

B. B. Gupta,Nalin Asanka Gamagedara Arachchilage,Konstantinos E. Psannis

DOI: https://doi.org/10.48550/arXiv.1705.09819

2017-05-27

Abstract:Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is "phishing", in which, attackers attempt to steal the user's credentials using fake emails or websites or both. It is true that both industry and academia are working hard to develop solutions to combat against phishing threats. It is therefore very important that organisations to pay attention to end-user awareness in phishing threat prevention. Therefore, the aim of our paper is twofold. First, we will discuss the history of phishing attacks and the attackers' motivation in details. Then, we will provide taxonomy of various types of phishing attacks. Second, we will provide taxonomy of various solutions proposed in literature to protect users from phishing based on the attacks identified in our taxonomy. Moreover, we have also discussed impact of phishing attacks in Internet of Things (IoTs). We conclude our paper discussing various issues and challenges that still exist in the literature, which are important to fight against with phishing threats.

Cryptography and Security

Azhar Ghafoor,,Munam Ali Shah,Bilal Zaka,Muhammad Nawaz,,,

DOI: https://doi.org/10.58245/ipsi.tir.2402.06

2024-07-01

Abstract:Phishing remains a pervasive cybersecurity threat, leveraging social engineering and technological deception to obtain sensitive information and credentials. This research explores novel attack paths employed by sophisticated adversaries, focusing on the identification and analysis of emerging tactics to enhance understanding and awareness of evolving phishing threats. The study uncovers various attack vectors, including the impersonation of reputable entities and the exploitation of legitimate platforms for malicious purposes. Notably, it highlights the increasing prevalence of documentbased and social media-based phishing campaigns, underscoring the adaptability of attackers in exploiting diverse channels to deceive users. Furthermore, the research evaluates the effectiveness of current countermeasures and proposes actionable strategies to mitigate phishing risks for organizations. Recommendations include strengthening email protection measures, implementing robust web filtering systems, and conducting simulated phishing campaigns to enhance employee awareness. By providing insights into emerging attack paths and practical recommendations, this research contributes to the ongoing efforts to combat phishing threats and strengthen cybersecurity resilience. The findings underscore the critical importance of proactive measures and continuous vigilance in safeguarding against evolving cyber threats in today's dynamic digital landscape.

Xiang Liu,Sayed Fayaz Ahmad,Muhammad Khalid Anser,Jingying Ke,Muhammad Irshad,Jabbar Ul-Haq,Shujaat Abbas

DOI: https://doi.org/10.3389/fpsyg.2022.927398

2022-10-19

Abstract:This study explores the challenge of cyber security threats that e-commerce technology and business are facing. Technology applications for e-commerce are attracting attention from both academia and industry. It has made what was not possible before for the business community and consumers. But it did not come all alone but has brought some challenges, and cyber security challenge is one of them. Cyber security concerns have many forms, but this study focuses on social engineering, denial of services, malware, and attacks on personal data. Firms worldwide spend a lot on addressing cybersecurity issues, which grow each year. However, it seems complicated to overcome the challenge because the attackers continuously search for new vulnerabilities in humans, organizations, and technology. This paper is based on the conceptual analysis of social engineering, denial of services, malware, and attacks on personal data. We argue that implementing modern technology for e-commerce and cybersecurity issues is a never-ending game of cat and mouse. To reduce risks, reliable technology is needed, training of employees and consumer is necessary for using the technology, and a strong policy and regulation is needed at the firm and governmental level.

Belal Amro

DOI: https://doi.org/10.4236/jcc.2018.62003

2018-02-13

Abstract:The rapid evolution in mobile devices and communication technology has increased the number of mobile device users dramatically. The mobile device has replaced many other devices and is used to perform many tasks ranging from establishing a phone call to performing critical and sensitive tasks like money payments. Since the mobile device is accompanying a person most of his time, it is highly probably that it includes personal and sensitive data for that person. The increased use of mobile devices in daily life made mobile systems an excellent target for attacks. One of the most important attacks is phishing attack in which an attacker tries to get the credential of the victim and impersonate him. In this paper, analysis of different types of phishing attacks on mobile devices is provided. Mitigation techniques - anti-phishing techniques - are also analyzed. Assessment of each technique and a summary of its advantages and disadvantages is provided. At the end, important steps to guard against phishing attacks are provided. The aim of the work is to put phishing attacks on mobile systems in light, and to make people aware of these attacks and how to avoid them

Cryptography and Security

Mario Ciprian Birlea

DOI: https://doi.org/10.48550/arXiv.2004.01556

2020-04-01

Abstract:This paper aims to provide an understanding of what a phishing attack is, the types of phishing attacks and methods employed by cyber criminals. This journal will also provide an understanding on where phishing attacks are carried via various technologies and provide an understanding of working actively to detect and proactively to prevent. As we are continuously developing the technology the chance of cyber-attacks will proportionally increase. Consequently, this paper will help the readers understand what studies have been conducted, analyzed and results provided pinpointed the essence of phishing attacks.

Cryptography and Security

Santosh Nejakar,Poorva Agrawal,Latika Pinjarkar,Gagandeep Kaur,Mahantesh P. Mattada,P. Hete

DOI: https://doi.org/10.1109/ICAIT61638.2024.10690377

2024-07-24

Abstract:Explore the intricate world of online scams through our guide, shedding light on cybercriminals' tactics in phishing, banking frauds, and e-commerce deceptions. This survey paper is a friendly handbook for navigating the digital realm safely, offering insights and practical tips. Delve into phishing, where individuals use fake communications to steal information, and learn to bolster defenses against digital con artists. Discover scams in the Indian cyber landscape like ATM skimming and bogus loan offers, while emphasizing caution and vigilant monitoring. Uncover strategies of fraudulent websites in online shopping, and empower readers with practical tips to outsmart online tricksters. Foster digital intelligence and create a safer online environment.

Business,Law,Computer Science

Tanmay Chandel

DOI: https://doi.org/10.22214/ijraset.2023.52927

2023-05-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: The advent of Web 2.0 and Web 3.0 technologies has created new opportunities for cybercriminals to launch malware and phishing attacks. This review paper aims to provide an overview of the current state of these types of attacks in Web 2.0 and Web 3.0 environments, as well as the tools and strategies that can be used to prevent them. The paper begins by defining malware and phishing and describing the basic methods used to execute these attacks. It then delves into the specific characteristics of Web 2.0 and Web 3.0 environments that make them vulnerable to these types of attacks. For example, the ability to share information and collaborate in real time in Web 2.0 environments can create opportunities for cybercriminals to exploit trust relationships and launch phishing attacks. In Web 3.0 environments, the use of blockchain and decentralized technologies introduces new challenges for preventing malware and phishing attacks. The paper discusses the the functioning and the procedures which are followed in the event of a malware attack or phishing attack in unison with social engineering and also takes a look at a case study of a real life phishing attack in web 3.0. The paper concludes by outlining some of the key tools and strategies that can be used to prevent malware and phishing attacks in Web 2.0 and Web 3.0 environments. These include technical measures such as anti-malware software, firewalls, and spam filters, as well as user education and training to recognize and avoid phishing attacks. Overall, the paper provides a comprehensive overview of the current state of malware and phishing attacks in Web 2.0 and Web 3.0 environments, as well as the strategies and tools that can be used to prevent them. As the use of these technologies continues to grow, it is essential that individuals and organizations take steps to protect themselves against these types of cyber attacks.

Alessandro Ecclesie Agazzi

DOI: https://doi.org/10.48550/arXiv.2006.00577

2020-06-01

Abstract:Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome, increasing the chance of success. The focus will be also given on four different layers of protection against these social engineering attacks, showing their strengths and weaknesses; the first and second layers consist of automated tools and decision-aid tools. the third one is users' knowledge and expertise to deal with potential threats. The last layer, defined as "external", will underline the importance of having a Multi-factor authentication, an effective way to provide an enhanced security, creating a further layer of protection against Phishing and Spear Phishing.

Cryptography and Security,Computers and Society

Cynthia Dhinakaran,Dhinaharan Nagamalai,Jae Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1108.1593

2011-08-08

Abstract:Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; therefore a continuous evaluation of phishing only helps us combat phisher effectiveness. In our study, we collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected data, we identified different kinds of phishing scams and mode of operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study will develop more efficient anti-phishing methodologies. Based on our analysis, we developed an anti-phishing methodology and implemented in our network. The results show that this approach is highly effective to prevent phishing attacks. The proposed approach reduced more than 80% of the false negatives and more than 95% of phishing attacks in our network.

Cryptography and Security

Anne James,Waleed Bul’ajoul,Yahaya Isah Shehu,Yinsheng Li,Godwin Attah Obande

DOI: https://doi.org/10.1049/pbse001e_ch6

2018-01-01

Abstract:The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyberattacks. This chapter outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are (1) biometrics for authentication, (2) parallel processing to increase power and speed of defenses, (3) data mining and machine learning to identify attacks, (4) peer-to-peer security using blockchains, (5) enterprise security modeling and security as a service, and (6) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.

Avisha Das,Shahryar Baki,Ayman El Aassal,Rakesh Verma,Arthur Dunbar

DOI: https://doi.org/10.48550/arXiv.1911.00953

2019-11-04

Abstract:Phishing and spear-phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear-phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques, we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear-phishing, and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

Cryptography and Security

Tejveer Singh,Manoj Kumar,Santosh Kumar

DOI: https://doi.org/10.1016/j.compeleceng.2024.109374

IF: 4.152

2024-06-20

Computers & Electrical Engineering

Abstract:Phishing has emerged as a significant cyber threat, resulting in huge financial frauds for internet users annually. This malicious activity uses social engineering and upgraded methodologies (like file archiver in the browser, content injection, calendar phishing, more convincing fake websites or emails, voice manipulation, or other tools designed to deceive and exploit the target's confidence) to extract sensitive information from unsuspected victims. In order to mitigate these attacks, several methods and tools have been devised; various detection techniques and block phishing websites, and browser extensions that notify users about suspicious websites. Our work elaborates on meticulous analysis of the detection of phishing attacks by classifying them into four broader categories based on the adopted methodologies like List-Based Detection, Heuristic-Based Detection, machine learning (ML)-based, and deep learning (DL)-based. Additionally, it summarizes the popular devised schemes, highlighting their advantages and limitations, and how these are suitable for the different types of deployments.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Fiona Carroll,John Ayooluwa Adejobi,Reza Montasari

DOI: https://doi.org/10.1007/s42979-022-01069-1

Abstract:Phishing attacks are on the increase. The fact that our ways of living, studying and working have drastically changed as a result of the COVID pandemic (i.e., almost everything being done online) has created many new cyber security concerns. In particular, with the move to remote working, the number of phishing emails threatening employees has increased. The 2020 Phishing Attack Landscape Report (Greathorn: 2020 Phishing attack landscape. https://info.greathorn.com/report-2020-phishing-attack-landscape/, 2020) highlights a sharp increase in the frequency of attempted phishing attacks. In this paper, we are interested in how the phishing email attack has evolved to this very threatening state. In detail, we explore the current phishing attack characteristics especially the growing challenges that have emerged as a result of the COVID-19 pandemic. The paper documents a study that presented test participants with five different categories of emails (including phishing and non phishing) . The findings from the study show that participants, generally, found it difficult to detect modern phishing email attacks. Saying that, participants were alert to the spelling mistakes of the older phishing email attacks, sensitive information being requested from them and any slight change to what they were normally used to from an email. Moreover, we have found that people were not confident, worried and often dissatisfied with the current technologies available to protect them against phishing emails. In terms of trust, these feelings alerted us to the increasing severity of the phishing attack situation and just how vulnerable society has become/ still is.

Abdul Basit,Maham Zafar,Xuan Liu,Abdul Rehman Javed,Zunera Jalil,Kashif Kifayat

DOI: https://doi.org/10.1007/s11235-020-00733-2

Abstract:In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client's sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.

Mousa Jari

DOI: https://doi.org/10.5121/csit.2022.121319

2022-09-13

Abstract:Phishing is a form of cybercrime and a threat that allows criminals, phishers, to deceive end users in order to steal their confidential and sensitive information. Attackers usually attempt to manipulate the psychology and emotions of victims. The increasing threat of phishing has made its study worthwhile and much research has been conducted into the issue. This paper explores the emotional factors that have been reported in previous studies to be significant in phishing victimization. In addition, we compare what security organizations and researchers have highlighted in terms of phishing types and categories as well as training in tackling the problem, in a literature review which takes into account all major credible and published sources.

Cryptography and Security,Human-Computer Interaction,General Literature,Computers and Society

Marc Rader,Shawon Rahman

DOI: https://doi.org/10.5121/ijnsa.2013.5402

2015-12-01

Abstract:Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.

Cryptography and Security,Computers and Society

O. B. Longe,V. Mbarika,M. Kourouma,F. Wada,R. Isabalija

DOI: https://doi.org/10.48550/arXiv.1001.1993

2010-01-13

Abstract:The malaise of electronic spam mail that solicit illicit partnership using bogus business proposals (popularly called 419 mails) remained unabated on the internet despite concerted efforts. In addition to these are the emergence and prevalence of phishing scams that use social engineering tactics to obtain online access codes such as credit card number, ATM pin numbers, bank account details, social security number and other personal information (22). In an age where dependence on electronic transaction is on the increase, the web security community will have to devise more pragmatic measures to make the cyberspace safe from these demeaning ills. Understanding the perpetrators of internet crimes and their mode of operation is a basis for any meaningful effort towards stemming these crimes. This paper discusses the nature of the criminals engaged in fraudulent cyberspace activities with special emphasis on the Nigeria 419 scam mails. Based on a qualitative analysis and experiments to trace the source of electronic spam and phishing emails received over a six months period, we provide information about the scammers personalities, motivation, methodologies and victims. We posited that popular email clients are deficient in the provision of effective mechanisms that can aid users in identifying fraud mails and protect them against phishing attacks. We demonstrate, using state of the art techniques, how users can detect and avoid fraudulent emails and conclude by making appropriate recommendations based on our findings.

Cryptography and Security

Wajeb Gharibi

DOI: https://doi.org/10.48550/arXiv.1201.0949

2012-01-05

Abstract:Phishing (password + fishing) is a form of cyber crime based on social engineering and site spoofing techniques. The name of 'phishing' is a conscious misspelling of the word 'fishing' and involves stealing confidential data from a user's computer and subsequently using the data to steal the user's money. In this paper, we study, discuss and propose the phishing attack stages and types, technologies for detection of phishing web pages, and conclude our paper with some important recommendations for preventing phishing for both consumer and company.

Cryptography and Security

Mohammed Aamir Ali,Muhammad Ajmal Azad,Mario Parreno Centeno,Feng Hao,Aad van Moorsel

DOI: https://doi.org/10.1016/j.future.2019.03.041

IF: 7.307

2019-11-01

Future Generation Computer Systems

Abstract:<p>The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks.</p>

English Else